SUSE has issued an advisory today (June 30):
https://lists.suse.com/pipermail/sle-security-updates/2021-June/009100.html

It was previously believed that only 5.4.x was affected, but SUSE thinks older versions are affected (so lua and lua5.1 may also be). This makes me wonder about CVE-2020-24342 (Bug 28143) as well. Mageia 7 is also affected.
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA7TOO
NicolasL is the registered maintainer for this; unusually I cannot pin it down in the Cauldron logs to see who really has been doing it, so assigning it to you by default. NicolasS is already CC'd.
Assignee: bugsquad => mageia
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA7TOO => (none)
CC: (none) => jani.valimaa
openSUSE has issued an advisory for this on July 2: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OOVDNMRFDTKUTT25LOX5ABPHFFAREA4V/
Status comment: (none) => Patch available from openSUSE
This is already fixed in mga8.
------------------------------------------------------------------------
r1620894 | ns80 | 2020-09-02 10:46:32 +0200 (Wed 02 Sep 2020) | 2 lignes

- add Fedora patch for CVE-2020-24370 (mga#27213)
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Yes, patch added in both lua and lua5.3. How about lua5.1?
Source RPM: lua5.3-5.3.5-5.mga8.src.rpm => lua5.1-5.1.5-15.mga8.src.rpm
CC: (none) => mageia
Status: RESOLVED => REOPENED
Summary: lua5.3 new security issue CVE-2020-24370 => lua5.1 new security issue CVE-2020-24370
Assignee: mageia => nicolas.salguero
Resolution: FIXED => (none)
I looked and lua 5.1 does not seem affected (the findvararg function does not exist).
Resolution: (none) => FIXED
Status: REOPENED => RESOLVED
Thanks.
Resolution: FIXED => INVALID